Is it ever acceptable for a journalist to hack into somebody else’s email?

It’s an interesting question – and one that has recently come to the fore because of the alleged hack by Sky news journalist Gerard Tubb.

As Naked Securityreported last year, Sky News correspondent Gerard Tubb managed to gain access to an email account belonging to John Darwin – the so-called “Canoe Man” who faked his own death as part of a complex fraud involving his wife.

In a case which gripped the British public’s imagination, keen canoeist John Darwin faked his own death at sea in 2002 only to subsequently walk into a London police station over five years later claiming to have no memory of what had happened to him.

Darwin’s wife acted surprised and overjoyed at her husband’s “back-from-the-dead” miracle, but the smiles soon disappeared when a photograph was found on the internet showing the couple posing for a Panama estate agent’s website.

It transpired that during his “missing years” Darwin had moved into a bedsit adjacent to his family home, and began to live secretly with his wife again.

Having collected collected life insurance and pension policies worth £250,000, the Darwins bought property in Panama with the intention of creating a canoe holiday business – and starting a new life together.

While John Darwin remained in Central America, his wife Anne returned to the UK to sell their property in Seaton Carew, near Hartlepool.

The trial of “Canoe Man” and his wife captured the imagination of the British public, and media agencies were keen to uncover more about the couple.

In a July 2008 news report, which has since been removed from the Sky News website, reporter Gerard Tubb told how he he had uncovered evidence including emails that revealed why the missing man had returned to Britain, and the couple’s plan to settle back in Panama.

"We discovered an email from John to Anne dated 31 May 2007 in which he tells her that planned changes to visa regulations will prevent him from continuing to live in Panama with a tourist visa."

A spreadsheet, allegedly created by the couple and describing their “masterplan”, was also published by Sky News on its website.

Unauthorised access to another individual’s computer or email account like this is a breach of the Computer Misuse Act, a criminal offence in the UK that can lead to imprisonment.

However, Sky News bosses, who had approved the hack by Gerard Tubb, argued that the hacking was “justified and in the public interest”.

At last year’s Leveson Inquiry into press ethics and criminal activity by journalists, Lord Justice Leveson told Sky News that they had clearly broken the law and couldn’t hide behind a “public interest” defence.

“At the end of the day you committed a crime,” Lord Leveson said during testimony given by John Ryley, head of Sky News.

Yesterday, however, the chances of Sky News or reporter Gerard Tubb being charged over the email hack disappeared.

As The Guardianreports, the Crown Prosecution Service has decided that it would not be in the public interest to prosecute Gerard Tubb, because the unauthorised access was done with the intention fo proving a criminal act had been committed.

It transpires that the police lawfully obtained a number of the same emails, which were used by prosecutors as evidence during the trial of Anne Darwin.

And that’s really the point, isn’t it?

The authorities have the ability and the means to lawfully access email communications as part of their investigations – and maverick journalists shouldn’t be hacking into email accounts, particularly when the owners of those email accounts are already under investigation by the police.

It’s easy to imagine how evidence could become corrupted or could be argued to have become tainted or compromised if unauthorised third parties have had access to it.

It may not be in the public interest to press charges against Gerard Tubb and Sky News, but this decision should not be taken as a green light by other journalists that email hacking is ever acceptable.

And what of “Canoe man” and his wife? John Darwin was given a six year prison sentence, and was released in early 2011. His wife was released from jail two months later. Word has is it that Darwin worked on his memoirs while in prison – which, no doubt, will be serialised by the press.

About the author

Graham Cluley runs his own award-winning computer security blog at https://www.grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley

11 comments on “Is it ever acceptable for a journalist to hack into somebody else’s email?”

Whether the intention was to prove a criminal act had been committed or not, doesn't make this less of a crime. 2 wrongs and all that. I would say that both Sky along with Mr Tubb are rather fortunate considering the circumstances.

The “public interest” defence is a valid one.. assuming that the act is committed doing something that is *genuinely* in the public interest (rather than just being something that interests the public). Journalists often have broken the law to expose greater lawbreaking, and they are aware of the potentially great risks when they do it.

In this case the defence is a bit more marginal, as the police already had access to the same information. In fact, a ham-fisted attempt to rifle through the suspect’s email may well have jeopardised the police investigation. But on the other hand, these evidence did provide proof of criminal wrongdoing.

So, in my view, the answer to the question “Is it ever acceptable for a journalist to hack into somebody else’s email?” is “yes, but in very limited circumstances”.

I hear what you are saying, however, they didn't know what they would find until they hacked in. So, it is purely by chance that evidence of criminality was found. In some ways I agree with you, though I think perhaps had there been weak or coincidental evidence which led them to believe that they may find evidence of criminality then I may lean towards it being for the greater good. Still stick with my position that it is wrong.

and what about so called security experts insulting, denigrating hacking victims openly without any notice or research or communication to the related and asking google to clean their names on web search results like mister conrad longmore, because truth is there ? seems he has an opinion on everybody but don t likes others to have one about him.

I'd say, "No". The point of a journalist's hacking is not "to bring the guilty to justice" but to get information for a newspaper-selling story.

If we want the criminals brought to justice then, at the point at which the journalist would have hacked emails he or she can pass what they have to the police who at least have monitoring structures and rules of conduct in place.

It is the job of a journalist to report news, not to detect crime. If a journalist has evidence that a crime has been committed, or that people are conspiring to commit a crime, he or she should report that to the police. It does not justify the journalist committing another crime to seek more details.

Is it ever acceptable for a journalist to hack into somebody else's email?

No. Hacking into somebody else's email account(s) is a crime. Hacking is probably addictive. For that reason, I doubt hackers stop after hacking just one email account. Hackers should be fined and imprisoned.